redline | 727a5380cc5975839d6411d42569d834a337d139fb40f2e94e855835e2b538d6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

KMSauto-setup.exe

windows10-1703-x64

1

KMSauto-setup.exe

windows10-2004-x64

Sharing

General

Target

KMSauto-setup.exe
Size

3.8MB
Sample

230421-nhkmwahb4y
MD5

c7e2bb8d867d4f4bb484cfe674a16c55
SHA1

fdd4fbd30bc2db3faf199799bb732dbf3a137a1a
SHA256

727a5380cc5975839d6411d42569d834a337d139fb40f2e94e855835e2b538d6
SHA512

c8596183949d7c888724374f48c202b2f96af8a32654234f746124b0a3476682ab109c7bc293a4c5a8b8e0661a56c954ab467c5d86b9b789237f86acadd596d3
SSDEEP

98304:CpyfN3PlMJaE15aViYyf6L0c6veW0YDr9C3PVbiUk:SyfQJt15RY66gnZvJUk

Score

10^/10

redline 0215 infostealer

Static task

static1

Behavioral task

behavioral1

Sample

KMSauto-setup.exe

Resource

win10-20230220-en

windows10-1703-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

KMSauto-setup.exe

Resource

win10v2004-20230220-en

redline 0215 infostealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

0215

C2

badinytlesi.xyz:80

yaliesarevi.xyz:80

Attributes

auth_value
c9dd5ca07f69257239203a3c44bb8a57

Targets

- Target
  
  KMSauto-setup.exe
- Size
  
  3.8MB
- MD5
  
  c7e2bb8d867d4f4bb484cfe674a16c55
- SHA1
  
  fdd4fbd30bc2db3faf199799bb732dbf3a137a1a
- SHA256
  
  727a5380cc5975839d6411d42569d834a337d139fb40f2e94e855835e2b538d6
- SHA512
  
  c8596183949d7c888724374f48c202b2f96af8a32654234f746124b0a3476682ab109c7bc293a4c5a8b8e0661a56c954ab467c5d86b9b789237f86acadd596d3
- SSDEEP
  
  98304:CpyfN3PlMJaE15aViYyf6L0c6veW0YDr9C3PVbiUk:SyfQJt15RY66gnZvJUk
Score

10^/10

redline 0215 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

redline0215infostealer

© 2018-2025

Terms | Privacy